Hybrid Cloud
Cyber Security & NaaS
AI & Data
IoT & Connectivity
Business Applications
Intelligent Workplace
Consulting & Professional Services
Small Medium Enterprise
Health and Social Care
Industry
Retail
Tourism and Leisure
Transport & Logistics
Energy & Utilities
Can you trust that AI? Verifiable credentials are your guarantee
Have you ever stopped to think that, in the future, not only humans will have their own identity, but also artificial intelligences?
It sounds like science fiction, like something out of the movie "Her", right? But it’s not that far-fetched. As AI becomes increasingly integrated into our lives and businesses, the question of “who or what is that AI?” becomes critical.
In fact, the growing adoption of AI agents is creating a real identity crisis within the ecosystem. In the business world, the enormous value that AI agents bring is already clear, and their usage is skyrocketing because they simplify our lives and optimise processes in ways we never imagined.
The growing adoption of AI agents is creating a real identity crisis within the ecosystem.
However, despite this rapid growth, there is still no standard way to verify who or what these agents truly represent. As a result, users remain vulnerable to identity theft, fraud and manipulation. This is where a powerful duo comes into play: AI agents and verifiable credentials.
So, what exactly is an “AI agent”?
To put it simply, an AI agent is an autonomous entity that acts on behalf of a user or another entity. Think of simple examples like your smartphone’s voice assistant booking a restaurant, or an algorithm that automatically manages your investments.
But it goes much further. An AI agent can be a customer support bot resolving queries, a product recommendation engine that learns your preferences, or even a more complex AI handling financial transactions or interactions between companies. The key lies in its ability to act with a degree of autonomy, making decisions or taking actions based on the information it processes.
An AI agent is an autonomous entity that acts on behalf of a user or another entity.
Here’s the first big question: if this agent is going to act on our behalf or our company’s behalf, how can we be sure of its identity? And how can it prove, for instance, that it’s authorised to access certain data or make a purchase?
Identity verification: the eternal challenge in the digital world
Since the arrival of the internet, the issue of online identity has been a constant challenge. It brings to mind the famous saying, “on the internet, nobody knows you’re a dog”—but now on a much larger scale. In the digital world, verifying who’s on the other side of the screen is complex.
Traditionally, we’ve relied on a few solutions that, while functional, have significant limitations:
- Passwords: The classic method, often inconvenient. Easy to forget, vulnerable to theft, and require juggling countless combinations.
- Centralised identity: Think of social networks or banking services. All our identity data is stored by a single company. What happens if that company suffers a cyberattack? Simple: our data is exposed. Plus, this model gives companies considerable control over our digital identity and sometimes the services we can access.
- Privacy concerns: We're often forced to share our full information with every service, losing control over who accesses what. Is it really necessary for a parking app to know our date of birth, or even to access a photo of our ID?
These issues are already complex for human users of the internet, but they multiply exponentially when we talk about AI agents. If an agent is operating in a complex environment, interacting with other agents, systems or even people, it needs a robust, secure and private way to establish its identity and credentials. How can we verify that the bot assisting us is really from our bank and not an imposter? Or as companies, how do we know that an agent is authorised to represent a specific human?
On the internet nobody knows you're a dog, scaled up to a whole new level.
Verifiable credentials: the solution we need
This is where verifiable credentials come into play. But what exactly are they? Think of your driving license, university degree or national ID, only in a digital format with enhanced capabilities.
■ A Verifiable Credential (VC) is essentially a piece of digital information that attests to a claim about an entity, whether it’s a person, an organisation, or in this case, an AI agent. The key feature is that the claim is cryptographically signed by a trusted issuing entity.
Take a university degree as an example of a verifiable credential:
- The issuer: A university.
- The holder: The student who completed the programme.
- The credential: The digital university degree.
The university creates a digital document containing the student’s name, course of study, and graduation date. What makes it powerful is that this document is digitally signed. That signature ensures two crucial things: the credential is authentic (legitimately issued by the university), and it hasn't been tampered with since it was issued.
What’s even better is that the holder, the student, has ownership and control over that credential. They store it in their digital wallet (which could be a mobile app or, in the future, their AI agent’s wallet). When proof is needed—say, to show they're an engineer— they simply present the digital credential via the app.
The key advantage is that the holder has full ownership and control of the credential.
And here's one of the biggest benefits: there's no need to reveal all your data. If you only need to prove you're over 18, you can present a credential that states just that without revealing your full birthdate. This gives you complete privacy control.
Why verifiable credentials are the ideal solution for digital identity
If verifiable credentials are useful for humans, for AI agents they’re nothing short of revolutionary. Here are some of the most important benefits:
- Robust security: Cryptography ensures credentials are authentic and unaltered. So when an AI agent presents a credential, we can trust it’s legitimate and that its content is accurate—significantly reducing the risk of impersonation.
- Privacy by design: AI agents can share only the necessary information. For example, if an agent needs to access a specific API, it can present a credential proving that access—without revealing sensitive details about its configuration or managing entity.
- Limitless interoperability: Verifiable credentials are designed as a standard. This allows an AI agent from one company to seamlessly interact with another company’s systems—regardless of their underlying technology. Picture a home energy management agent coordinating with your utility provider’s agent—they can "speak the same language" thanks to machine-to-machine communication standards.
- Auditability and accountability: If an AI agent makes a mistake or acts inappropriately, verifiable credentials help trace its identity and the permissions it had at the time. This is vital for accountability in a future where AI agents will be making increasingly important decisions.
- Decentralisation: There's no single point of failure or central authority controlling your identity. Credential verification happens directly between the verifier and the issuer (or via cryptographic proof), with traceability stored in trusted decentralised technology like Blockchain, eliminating the need for intermediaries.
Verifiable credentials are a true game-changer for AI agents.
The future is now: AI with its own identity
Imagine a world where your personal AI agent—helping with your finances, health or shopping—can interact securely and privately with other services and agents.
- Your AI agent could present a credential authorising access to your banking data for expense analysis, without the bank needing to store your personal data. By verifying the credential, the bank knows the request comes from your legitimate, authorised agent, preventing fraud through unauthorised access or identity theft.
- A logistics company’s AI agent could present a credential proving it's authorised to pick up and deliver packages, interacting directly with warehouse agents. The credential, issued by the logistics company and validated by the warehouse, proves the agent is legitimately authorised to handle a specific shipment—ensuring only verified agents are involved and preventing theft or unauthorised deliveries.
- In the public sector, an AI agent could handle grant applications by presenting credentials proving eligibility—streamlining processes and reducing bureaucracy. This ensures the interaction is with an agent representing a real, eligible citizen, preventing fraud in accessing public benefits.
So, the combination of AI agents and verifiable credentials isn’t just a futuristic concept—it’s an urgent need. It enables us to build a more secure, private and efficient digital ecosystem, where both humans and machines can interact with confidence—knowing who they’re dealing with and what permissions they have.
So the next time you interact with a bot or your voice assistant takes action for you, remember that thanks to verifiable credentials, in the not-so-distant future, that AI will have its own identity—and be able to prove exactly who it is.
The combination of AI agents and verifiable credentials isn’t just a futuristic idea—it’s an urgent need.
